When a client has requested access to a protected resource and has received an access token, the client can then present the access token to the resource server. If Integration Server is the resource server, clients can present the access token using the authorization request header field. Clients can send the access token in the Authorization request header field using the Bearer authentication scheme to submit the access token. For example:

If you are using the pub.client:http service, you can send the token using the auth header field. For information about using this service, see webMethods Integration Server Built-In Services Reference .

For more information about the Bearer authentication scheme, refer to the OAuth 2.0 Authorization Framework Bearer Token Usage specification.